How to invalidate user's session forcefully

I want to invalidate user's session when user log in from different remote location in web application.I have session ID and user name of particular user so when i try to use like this HttpSessionContext context=request.getSession().getSessionContext();
context.getSession(sessionID).invalidate();
this is giving null pointer.
and according to sun this method is depreciated for security reason.
so kindly is there any alternative way we have many thing like remote ip address,SessionListner,ContextListner etc.

The best method to invalidate session or not allowing a user to have more than one session, is to create the context scoped map and store the session id and all the relevant info of user into the map. Whenever the user creates the new session just check whether the user is present in the context map or not.

Vymokesha Jagwani wrote:I want to invalidate user's session when user log in from different remote location in web application

Others have helped you make progress on how to do this, but I want to ask what you are trying to do, really, and why you think this is a good idea?
What do you mean, multiple logins? How about two or more windows in a Firefox or Chrome browser? How about people who run both Firefox and Chrome, which are separate applications, on the same computer? What about shared IP connections on separate computers? Can I log into your application with my desktop computer and my iPad?

Vymokesha Jagwani
Greenhorn

Joined: May 24, 2010
Posts: 8

posted May 31, 2010 12:32:25

0

okay i am telling you the actually scenario. my requirement is that i am administrator and multiple users login through remote locations, i want to monitor the users so i want to keep access to show me list of active users and which i have done and also access to invalidate that particular user.and this.sessionId is conformed coming from jsp.
I have also mention that i used http sessionContext's method getSession(String sessionID) but which is depreciated.

I can't make you answer my questions, but you have not addressed them at all.

1) What do you mean, multiple logins?
2) How about two or more windows in a Firefox or Chrome browser?
3) How about people who run both Firefox and Chrome, which are separate applications, on the same computer?
4) What about shared IP connections on separate computers?
5) Can I log into your application with my desktop computer and my iPad?

I believe that any real set of requirements has to specifically decide answers to these five questions, and the many additional ones that are related.

Vymokesha Jagwani
Greenhorn

Joined: May 24, 2010
Posts: 8

posted May 31, 2010 23:02:28

0

ofcourse it is web based application
1) multiple logins?
2) How about two or more windows in a Firefox or Chrome browser?
3) How about people who run both Firefox and Chrome, which are separate applications, on the same computer?
4) What about shared IP connections on separate computers?

Vymokesha, what Pat is trying to convey is that how would you take care of different scenarios arises from, say, e.g opening two different browser, in that case, do you want to invalidate the session running on one browser and keeping it alive on second ?

Have you designed the code considering all the possible situations mentioned by Pat.

Vymokesha Jagwani
Greenhorn

Joined: May 24, 2010
Posts: 8

posted Jun 01, 2010 01:11:22

0

Sagar Rohankar exactly means i am admin and i have right to invalidate a particular user who has login.let supoose i am admin and two other user A and B are login from different machine now i want to kill the session of user B so just click on b and it will be logged off or redirect login page.

Vymokesha Jagwani wrote: i am admin and i have right to invalidate a particular user....

No one is arguing that you don't have the power or right to do what you want. But you are asking in a technical help forum and not asking for technical help, and not answering the questions that are being raised in an attempt to have you detail the real requirements. I expect that you will not find the solutions that you are looking for here. You will need to hire a professional programmer to do the development that you wish.

While I can only guess at your real requirements, I expect that the professional will take a fair amount of time and effort to develop what you want, since you don't seem to be able to discuss any details of your requirements.